Problem...

Problem...

offline
  • alen74 
  • Novi MyCity građanin
  • Pridružio: 05 Jun 2009
  • Poruke: 4

Pozdrav svima i komplimenti za forum...
Imam problem sa (najvjerovatnije) nekim trojancem,koji nikako da uspijem skinuti ni sa nod32,ni sa nekoliko antimalwere i antitrojan programima koje sam isprobao do sada...
Imam 2 hd u komp. c i d...
Klikom na bilo koji (ali ne desava se bas uvijek) pokrene mi se iexplorer i kaze mi da mi je komp inficiran,krene scanning i na kraju mi daje nesto za download...
Naravno da odbijem svaki put,ali kako ga se rijesiti?
Ovde dole je izvjestaj Hijackthis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programmi\Desktop Sidebar\sbhelp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D487F344-24FF-461D-9497-D640F7413DDA} - C:\WINDOWS\system32\srtht.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programmi\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programmi\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Hvala unaprijed...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...



Arrow Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • alen74 
  • Novi MyCity građanin
  • Pridružio: 05 Jun 2009
  • Poruke: 4

Uradjeno...evo izvjestaja:


ComboFix 09-06-05.07 - XP 06/06/2009 14.31.54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1983.1488 [GMT 2:00]
Eseguito da: c:\documents and settings\XP\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\XP\IMPOST~1\Temp\drsb.exe
c:\documents and settings\XP\Dati applicazioni\inst.exe
c:\windows\system32\drivers\biqxksse.sys
c:\windows\system32\drivers\waowzxgx.sys
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddl(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\g(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\mirrorit.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\shareprotect.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll
c:\windows\system32\srtht.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BIQXKSSE
-------\Service_biqxksse


((((((((((((((((((((((((( Files Creati Da 2009-05-06 al 2009-06-06 )))))))))))))))))))))))))))))))))))
.

2009-05-24 12:06 . 2009-05-24 12:06 -------- d--h--w- c:\windows\PIF
2009-05-24 10:51 . 2009-05-24 10:51 -------- d-----w- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\DesktopSearch
2009-05-24 10:49 . 2009-05-24 10:49 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\Codemonster
2009-05-24 10:49 . 2009-05-24 10:49 -------- d-----w- c:\programmi\Codemonster
2009-05-21 15:14 . 2009-05-21 15:14 -------- d-----w- c:\programmi\File comuni\xing shared
2009-05-15 17:38 . 2009-05-15 17:39 -------- d-----w- C:\XPSOURCE
2009-05-15 16:39 . 2009-05-15 16:39 -------- d-----w- C:\DriveKey
2009-05-09 20:28 . 2009-05-09 20:28 390664 ----a-w- c:\documents and settings\XP\Dati applicazioni\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-08 21:34 . 2009-05-08 21:34 -------- d-----w- c:\programmi\Common Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 12:25 . 2009-03-14 18:48 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\SUPERAntiSpyware.com
2009-06-06 12:25 . 2009-03-14 18:48 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-06-06 12:24 . 2009-03-12 15:09 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\Lavasoft
2009-05-24 10:49 . 2008-12-10 18:01 70408 ----a-w- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-23 20:32 . 2008-04-14 12:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-05-23 20:32 . 2008-04-14 12:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-05-21 15:14 . 2008-12-11 15:16 -------- d-----w- c:\programmi\File comuni\Real
2009-05-21 15:14 . 2009-04-29 19:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-21 15:14 . 2009-04-29 19:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-20 18:19 . 2009-01-18 14:27 -------- d-----w- c:\programmi\Hidden Wonders of the Depths
2009-05-15 16:39 . 2008-12-10 18:22 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-04-29 20:10 . 2009-04-29 20:10 -------- d-----w- c:\programmi\Easy Video Downloader
2009-04-29 19:53 . 2009-04-29 19:53 -------- d-----w- c:\programmi\Real
2009-04-29 18:54 . 2009-04-29 18:54 51032 ---ha-w- c:\windows\system32\mlfcache.dat
2009-04-23 18:39 . 2009-02-15 16:45 -------- d-----w- c:\programmi\eMule
2009-04-15 19:06 . 2008-12-11 08:02 -------- d-----w- c:\programmi\File comuni\Adobe
2009-04-11 19:58 . 2009-04-11 19:54 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-04-02 13:21 . 2009-04-11 19:54 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-14 17:49 . 2009-03-14 17:49 10 ----a-w- c:\windows\popcinfo.dat
2009-03-09 21:29 . 2009-03-09 21:30 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-03-09 21:29 . 2009-03-09 21:29 5415 ----a-w- c:\windows\system32\Choice.com
.

------- Sigcheck -------

[-] 2008-09-24 21:26 1571840 47F335983AC68A57021A208BB2BB4D6F c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-05-21 198160]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-30 18082304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programi\\c.downloads\\mIRC 6.31 Italiano - Cosmo Blu\\mIRC.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\XP\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Activision\\Demo di SHREK TERZO\\SHReK the THiRD.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21/12/2007 9.21.56 VANESSA 33800]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [21/12/2007 9.21.16 VANESSA 468224]
R3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [11/12/2008 21.00.58 VANESSA 155648]
S2 spydetector;spydetector;\??\c:\programmi\Spyware Process Detector\spydetector.sys --> c:\programmi\Spyware Process Detector\spydetector.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - BIQXKSSE
*Deregistered* - biqxksse
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-procexp90.Sys
SafeBoot-WRConsumerService


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\XP\Dati applicazioni\Mozilla\Firefox\Profiles\xgljj5sb.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-06 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-06 14.36.59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-06 12:36

Pre-Run: 63.245.185.024 byte disponibili
Post-Run: 63.262.359.552 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

225 --- E O F --- 2009-05-23 14:56

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Upload-uj sledeća dva file-a:

c:\windows\system32\framedyn.dll
c:\windows\system32\Choice.com


Upload link: http://www.mycity.rs/ambulanta-upload.php

offline
  • alen74 
  • Novi MyCity građanin
  • Pridružio: 05 Jun 2009
  • Poruke: 4

Uradjeno....

P.S. vec sam primjetio da muzikica pri restartu svira pravilno,jer prije je pucketalo...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

OK. Ovo izgleda čisto.

Sem ako postoji neki konkretan problem ovde smo gotovi.


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.

offline
  • alen74 
  • Novi MyCity građanin
  • Pridružio: 05 Jun 2009
  • Poruke: 4

Ok hvala velika....

Ko je trenutno na forumu
 

Ukupno su 556 korisnika na forumu :: 5 registrovanih, 2 sakrivenih i 549 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amstel, cenejac111, flash12, mushroom, voja64